Iranian and Russian Hackers Target British Politicians and Journalists: Cyber Watchdog

Iranian and Russian hackers are “relentlessly” trying to steal sensitive information from British journalists and politicians, the UK’s cybersecurity watchdog has warned.

In an advisory made public on January 26, the National Cyber Security Center (NCSC) said the Iran- and Russia-based groups were targeting various organizations and individuals in the UK and elsewhere.

“The Russia-based SEABORGIUM (Callisto Group/TA446/COLDRIVER/TAG-53) and Iran-based TA453 (APT42/Charming Kitten/Yellow Garuda/ITG18) attackers continue to carry out successful spear-phishing attacks against the United Kingdom and other regions of interest for information gathering operations,” the NCSC alert said.

Rather than targeting the general public, the watchdog said, the attacks target specific sectors such as academia, defense, government agencies, NGOs, think tanks, politicians, journalists and activists.

The NCSC advisory recommends that organizations and individuals remain vigilant in their approach and follow mitigation advice to protect their online accounts from compromise.

The logo displayed on a television screen at the National Cyber Security Center in London on February 14, 2017. (Carl Court/Getty Images)

“persistent threat”

In spear phishing, hackers impersonate real contacts to build trust with victims and then send meeting invitations containing malicious code that, when clicked, gives the hackers access to sensitive information.

According to the NCSC, SEABORGIUM and TA453 conduct reconnaissance on social media and professional networking platforms to identify hooks to engage targets.

They also created fake social media or networking profiles impersonating respected professionals and used purported invitations to conferences and events, as well as deceptive approaches posing as journalists.

Both groups used webmail addresses from various providers (Outlook, Gmail, Yahoo, etc.) in their first approach to spoof known contacts of the target or prominent names in the target’s field or area of interest.

Attackers also create malicious domains that resemble legitimate organizations to make them look real.
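As an added illustration (not part of the NCSC advisory or the original article), the two sender tricks described above can be triaged by comparing a message's From header with a list of genuine contacts. The contact names, domains and verdict labels below are constructed for the example.

```python
from email.utils import parseaddr

# Constructed sample data: people the recipient genuinely corresponds with.
KNOWN_CONTACTS = {
    "jane smith": "jane.smith@example-institute.org",
    "omar haddad": "o.haddad@policy-forum.example",
}
WEBMAIL = {"outlook.com", "gmail.com", "yahoo.com"}  # providers named in the article
FOLDS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))  # visual confusables


def skeleton(domain):
    """Fold look-alike sequences so 'exarnple' compares equal to 'example'."""
    for src, dst in FOLDS:
        domain = domain.replace(src, dst)
    return domain


def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]


def classify_sender(from_header, contacts=KNOWN_CONTACTS):
    """Triage a From header against the recipient's known contacts."""
    name, addr = parseaddr(from_header)
    name, addr = name.strip().lower(), addr.lower()
    domain = addr.rpartition("@")[2]
    known_addrs = {a.lower() for a in contacts.values()}
    known_domains = {a.rpartition("@")[2] for a in known_addrs}
    if addr in known_addrs:
        return "known-address"
    if domain in known_domains:
        return "known-domain"  # different mailbox at an organisation already trusted
    for legit in known_domains:
        if skeleton(domain) == skeleton(legit) or edit_distance(domain, legit) <= 2:
            return "lookalike-domain"  # near miss of a real organisation's domain
    if name in contacts:
        # A familiar display name arriving from an address never seen before.
        return "contact-name-on-webmail" if domain in WEBMAIL else "contact-name-new-domain"
    return "unknown"
```

A "known-address" verdict only says the header matches; the From header is not authenticated on its own, so this check complements rather than replaces mail authentication results.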

NCSC Operations Director Paul Chichester said:

“These campaigns by threat actors based in Russia and Iran continue to relentlessly pursue targets to steal online credentials and compromise potentially sensitive systems.

“We strongly encourage organizations and individuals to remain vigilant against potential approaches and follow the advisory’s mitigation advice to protect themselves online.”

The Center advised vigilance over email, along with strong passwords, multi-factor authentication, and disabling email forwarding, to reduce the risk of being hacked.

The NCSC has encouraged individuals and organizations in the identified sectors to report to the Center if they are aware of any targeted activity described in the advisory.

Chinese threat

Formed in 2017 and part of the UK’s GCHQ intelligence agency, the NCSC is responsible for protecting the country from cyberattacks.

In November 2020, then-Prime Minister Boris Johnson announced the formation of the National Cyber Force (NCF). The organization works with the NCSC to conduct cyber operations, disrupt hostile state activity, thwart terrorist plots, and support military operations.

While the latest warnings concern Russia and Iran, the NCSC has previously highlighted threats from the Chinese Communist Party (CCP) regime.

The NCSC’s 6th Annual Review, published in November 2022, said the regimes of Russia, China, Iran and North Korea pose “the most serious cyber threats to the UK and its interests”.

The regimes’ activities targeting local and central governments in other countries include cyber espionage to obtain sensitive information; the use of tools such as wiper malware to damage IT systems and institutions; cyber-enabled theft of intellectual property and personal data; and embarrassing a state or agency, or undermining social cohesion, by publishing classified or restricted information, according to the review.

Lindy Cameron, CEO of the UK National Cyber Security Centre. (Courtesy of NCSC)

Launching the review, NCSC CEO Lindy Cameron said the threat from Russia was “especially obvious,” while China was likely to become the “single biggest factor” affecting UK technology.

She warned that the UK cannot take its eyes off China, saying: “This could become the single biggest factor impacting cybersecurity in the years to come.”

The NCSC said British organizations had not been significantly affected by the cyber front of Russia’s aggression against Ukraine, but said Russia “remains a persistent and active threat to the UK and its interests” and warned against complacency with the status quo.

The cybersecurity watchdog also said the Chinese regime poses the biggest threat to UK cybersecurity in the next few years.

China is devoting “substantial resources” to research and development of emerging technologies such as artificial intelligence, quantum computing and semiconductors to achieve “technological superiority,” it said.

The report also quotes FBI Director Christopher Wray as saying that China “has a larger hacking program than all other major countries combined.”

Lily Zhou and PA Media contributed to this report.